Hi Ben,

Thank you for responding and for the information. D2L hasn't requested anything from us yet, but I will write this down for when they do. Right now, I was referring to my office's internal network administrator and what he said he needed from me in order to open ports, etc. for CAS authentication with the resources (D2L, AdvisorTrac, Active Directory).

I am new at all of this and don't understand how I missed the mark on what I've already given him, but he said I listed ports and protocols - just not which systems need access to what on other systems.

For example, all I know on the D2L documentation is that they need certain ports (like 389) open to access the LDAP. They do not say anything about a certain system on the LDAP they need access to..... He gave me an example of CAD needing access to RODC (Read only domain controller). Is this something you could help break down for me?

Thanks!
Constance

From: Ben Branch [mailto:[email protected]]
Sent: Tuesday, April 16, 2013 11:06 AM
To: [email protected]
Subject: RE: [cas-user] CAS setup question

Constance,

I have Desire2Learn running on CAS 3.4.10 with an Active Directory backing store. Just a note, my D2L instance is hosted. All that I recall having to provide D2L to get my CAS configured was providing them with the Login URL for the CAS (https://you-cas-server.school.edu:8443/cas/), the proper serviceValidate URL (https://you-cas-server.school.edu:8443/cas/serviceValidate), and the logout URL.

In return, they gave us the URL that we needed to put into our Service Manager. In my case it was something similar to the following (note, we use vanity URLs as well): http://learn.school.edu/d2l/orgtools/CAS/Default.aspx.

I hope this helps.

Ben Branch
UNIX/Linux Administrator
University of Central Oklahoma
ITIL Foundation v3, Network+, RHCSA
100 N. University Drive, Box 122
Edmond, OK 73034
D: 405.974.2649 | M: 405.550.6804 | bbranch@uco.edu | www.uco.edu

"I am wiser than this man, for neither of us appears to know anything great and good; but he fancies he knows something, although he knows nothing; whereas I, as I do not know anything, so I do not fancy I do. In this trifling particular, then, I appear to be wiser than he, because I do not fancy I know what I do not know." - Socrates

From: Constance Morris [mailto:[email protected]]
Sent: Tuesday, April 16, 2013 7:33 AM
To: [email protected]
Subject: RE: [cas-user] CAS setup question

Misagh,

Thank you for your response.
I've given our network administrator the port #'s and protocols for CAS and the different resources it needs to connect to (Desire2Learn, Active Directory, Luminis LDAP, AdvisorTrac, etc.), but he is requesting to know "which systems need access to which other systems via which protocols"? I thought I had given him the systems when listing them as: CAS, Desire2Learn, AdvisorTrac, Active Directory, Luminis LDAP, etc. but he mentioned an RODC (Read Only Domain Controller) and said he needed to know those kinds of systems. I couldn't find anything like that on the Desire2Learn technical packet of information or the others. They just mentioned needing to connect to the LDAP.

Could you by chance give me some pointers on this?

Thank you,
Constance

From: Misagh Moayyed [mailto:[email protected]]
Sent: Tuesday, April 16, 2013 8:05 AM
To: [email protected]
Subject: RE: [cas-user] CAS setup question

CAS has the ability to connect to an account store, or multiple account stores for that matter in the way its authentication managers and handlers dictate to find and authenticate users. If you have more than one, such that accounts for instance are spread across an active directory server, another ldap server, a database, etc you potentially have to specify all of them in the CAS configuration, or find a way to merge and harmonize these stores into one cohesive unit.

Additionally, if you have applications that are perhaps hosted on the cloud or somehow maintain their own account stores (such as Blackboard) in the way that ids are different from what you know and what the app knows, there will need to be a mapping defined between your account store and the app and a lookup step to find and locate the corresponding userid for the app.

There's no "requirement" for ldaps, although it is certainly recommended.

From: Constance Morris [mailto:[email protected]]
Sent: Monday, April 15, 2013 1:33 PM
To: [email protected]
Subject: RE:[cas-user] CAS setup question

Also, when setting up network connections why would there be a need for LDAP-over-SSL connection?

From: Constance Morris [mailto:[email protected]]
Sent: Monday, April 15, 2013 4:19 PM
To: [email protected]
Subject: [cas-user] CAS setup question

We are running Luminis 4 portal and currently have active directory (AD) setup for authentication. I'm in the process of creating a CAS server and do not completely understand the connection with everything. Does the CAS server still have to connect to the LDAP in addition to then connecting to active directory for users to SSO, or can it connect just to active directory and the other resources (D2L, AdvisorTrac, etc.)?

Thank you!
Constance

--
You are currently subscribed to [email protected] as: [email protected]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
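
The two URLs Ben lists are used by different parties, which is the "which system talks to which" detail the thread keeps returning to: in the CAS 2.0 protocol the login URL is visited by the user's browser, while serviceValidate is fetched directly by the application server. The Python sketch below is an added example, not code from any participant or from the CAS project; it reuses the host names as written in the thread, and the ticket value and XML responses are constructed samples.

```python
# Added example (not from the thread): the CAS 2.0 exchange behind the URLs above.
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_BASE = "https://you-cas-server.school.edu:8443/cas"  # as written in the thread
SERVICE = "http://learn.school.edu/d2l/orgtools/CAS/Default.aspx"  # from the thread
CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

def login_redirect(service):
    """Leg 1: the user's BROWSER is redirected here (browser -> CAS over HTTPS)."""
    return f"{CAS_BASE}/login?{urlencode({'service': service})}"

def validate_url(service, ticket):
    """Leg 2: the APPLICATION SERVER fetches this itself (app -> CAS over HTTPS)."""
    query = urlencode({"service": service, "ticket": ticket})
    return f"{CAS_BASE}/serviceValidate?{query}"

def parse_validation(xml_text):
    """Return (True, username) or (False, reason) for a serviceValidate body."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return False, "DTD_REJECTED"  # a CAS response never needs a DTD
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False, "MALFORMED_RESPONSE"
    ok = root.find("cas:authenticationSuccess", CAS_NS)
    if ok is not None:
        user = ok.findtext("cas:user", default="", namespaces=CAS_NS).strip()
        return (True, user) if user else (False, "MISSING_USER")
    fail = root.find("cas:authenticationFailure", CAS_NS)
    if fail is not None:
        return False, fail.get("code", "UNKNOWN")
    return False, "MALFORMED_RESPONSE"

# Constructed sample responses (not captured from any real server).
SAMPLE_OK = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
SAMPLE_FAIL = """<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">
  <cas:authenticationFailure code="INVALID_TICKET">not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    print(login_redirect(SERVICE))
    print(validate_url(SERVICE, "ST-1-constructed"))
    print(parse_validation(SAMPLE_OK), parse_validation(SAMPLE_FAIL))
```

The connection from CAS to Active Directory or LDAP is a third, separate leg that neither URL exposes, so it has to be listed on its own when describing flows to a network administrator.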
